Posted
by
timothyon Thursday May 02, 2013 @10:47AM
from the deadliest-catch dept.

lukej writes "In Ketchikan, Alaska a small group of unidentified students gained access to school owned computers by using phishing techniques on their teachers. The then used the elevated access to remotely control their peers computers. Fortunately the school administrators seem to have a taken a realistic and pragmatic viewpoint of the situation, although no official punishment has yet been determined. '"Kids are being kids," (Principal) Robinson said, adding that he was surprised something like this had not already occurred. "They're going to try to do what they try to do. This time we found out about it."'" And no one got arrested.

Hell, we didn't even get in the local paper when we ignited the Thermite we found in the chemistry lab. I'll bet there isn't a high school this side of Kandihar that even has thermite in the chemistry lab. Hell, I'll bet there isn't a high school that even has a chemistry lab, period.

No wonder kids these days are all depressed and turn to drugs and sex.

Hell my chem teacher in high school had a 6" flower pot filled with the stuff and lit it. It went great until it melted the rock he put in the bottom and molten iron started pouring out the bottom and onto the floor. He was also know to light the gas outlet on fire at the table in front if someone wasn't paying attention during a lecture. Unfortunatly they had cleaned the chemical locker so the really neat stuff was gone, no more phosphors or sodium but there was still a 1 quart container with mercury in it

But, back to serious stuff, it is very sad what passes for Chem, and home-chemistry sets these days. By way of comparison, Google around and download yourself a copy of the Golden Book of Chemistry Experiments (or title similar to that). It's full of very cool stuff to do.

Apparently in Alaska you can pull a prank and it doesn't get turned into a life-altering jail sentence and you being labeled a terrorist. Alaska may be the last refuge of what being in the United States really used to be all about. Too bad the terrorists won in the lower 48.

They weren't immediately arrested, but I think it's a little too early to believe that nothing's going to happen. The principal was obviously downplaying it, but he left the door open for what the consequences will be.The laws regarding unauthorized computer access are mainly federal laws. I'd be concerned that the local federal prosecutor would decide to take an interest.

Apparently in Alaska you can pull a prank and it doesn't get turned into a life-altering jail sentence and you being labeled a terrorist. Alaska may be the last refuge of what being in the United States really used to be all about. Too bad the terrorists won in the lower 48.

Alaskan resident here. If you're looking for a region where terrorists haven't won, I'm sorry to say that Alaska isn't for you. Ketchican has just over 8,000 people, making it pretty rural. In more populated areas of the state (Mat-Su valley, Anchorage), it's not that way at all. I once gained access to the password protected wireless for my school in the Mat-Su Valley with no malicious intents, and was almost expelled from the district because of it.
To make things worse, Alaska is one of the only areas o

logic and reasoning in a schoolhouse, what ever is this nation coming to? this must be stopped!

Unfortunately, in a mad rush to show "we are serious about..." school boards and administrators pass zero tolerance policies. As a result the stupid as well as they criminal get punished equally. Schools cannot apply common sense, as much as they may want to, because of the rules. Everyone gets all bothered by draconian punishment for a minor infraction but are unwilling to change rules because they don't want to be held accountable for making a decision that someone will second guess. That is not limited

That probably has a lot of do with it, actually - Ketchikan isn't a huge place, and people end up really knowing each other. Especially parents (since there's probably only one class for the grade). So it wouldn't be surprising if a lot of people knew each other.

You really can't expel them, and the community will provide any necessary punishment above and beyond what punishment is meted out. In small towns, it can easily lead to shunning and exclusion (where the o

But it's not all that small, either. It's the fifth largest city [wikipedia.org] in the state, though areas like Wasilla have a significant population outside the city boundary. The middle school had enrollment of 295 [wikipedia.org] for two grades in 2009, so there are probably about 150 students in each grade.

Both the town and the schools are a lot bigger than where I went to school, so it seems to me that that's more than large enough to get lost in.

I grew up in Ketchikan. It is a small town on an island but the total population is not that small. it's around 10,000. In 1987 when I was attending, there were about 400 kids in Schoenbar Jr High when I was there and there were around 800 kids in the high school.

Teachers were presented with a display that looked "exactly like" it does when prompted for a software update, but instead it was a request for administrative access, according to district technology supervisor Jurgen Johannsen.

Reading in between the lines I suspect it could have looked wildly different, but the teachers were trained to look for some specific text string which the students got to appear in the elevation dialog.

The UAC dialog is designed to look different if a executable is digitally signed to prevent just this sort of phishing attack. Either the school IT screwed up by not using signed tools, or the teachers were not trained on the differences between the dialogs for signed and unsigned elevations.

If it is the attacker that presents the dialog, they have full control. It's probably not a real UAC dialog (i.e. produced by the UAC process) of course, just an exact copy of it. So they can have it look just like the "digital signed" version or the "unsigned" version or whatever version.

If you're not using social engineering to get elevated privileges in your middle/high school's computer network, you're not really a computer geek. Of course, we never got caught (although I'm certain that my high school "computer class" teacher was perfectly aware and just didn't care or even approved as long as we didn't actually fuck up the network).

A chum in my science seminar class hacked into the principal's office phone, so we could listen to him from the classroom whenever we wanted. When it was close to graduation, he got bored and patched the phone line into the school public address speakers, so all day his calls were broadcast in every classroom (they figured it out and he stopped using his phone after an hour or so).

After lunch, the principal called our buddy up to the office. He asked him "Do you by any chance know something about this?" Our buddy said "Yep." Principal said, "Just go fix it and we won't ask any more questions, ok?" He did, and that was that, no call to his parents or anything.

Now in the early 1950s, when my DAD was in high school, they just led a cow upstairs and locked it in the bathroom (Cows can walk up stairs better than they walk down). It's pretty easy to imagine the same kids pulling the same kind of pranks with the technology of the day.

Back when, at university we all had timeshare accounts on an Amdahl 470V/8. Now if you needed more account time (to play SPACWR probably) you could beg some from the TA's, but the best way was to get another users password, and use their account and their computer $ to play. The came the Valentines day dance. There was a guest list circulating with everyone's name plus the name of their date (so we could make fancy place cards or something). We scammed a copy of the list and headed for the terminal room. We

Never stopped slashdotters from posting idiotic ideas before though. How about approaching it from the "need only access" approach, and auditing systems periodically for rogue access approach. Probably would cost less too, than training teachers in anti-phishing concepts who only want to teach social studies and math.

At the middle school level? Every teacher should know more about every subject than their students. By high school that may not be a reasonable expectation. But yes, a math teacher should know more about English or history than a 12-year-old.

That said, computers are funny, because that may not properly be a subject taught at the school, and also because of generation gaps in understanding modern tech. It may be excusable now; in a generation it would be as shameful as getting shown up in any other subject.

The reason why few teachers can handle more than one subject is primarily an issue of training. If you don't train the teachers to teach multiple subjects, and permit them time to learn the ins and outs of teaching it, then you're not going to get many teachers that go to the trouble.

When all is said and done, if you want higher standards, then you're going to have to pay better, do a better job of managing the schools and generally stop treating teachers like crap. There's a reason why the average career as a teacher in the US is only 5 years. By the time they've gotten the hang of it, they're being pushed out the door.

Nooooo. The biggest problem we have now is that teachers care about teaching but don't have strong subject proficiency. If you know your subject in an out, and love thinking about, reading, and discussing it, then the teaching will come easily. That has been the philosophy in upper education for... well, always, and it has worked out pretty well.

Your problem is you see it as a job, not a calling. It only works well when it's the latter. I've had plenty of teachers that just show up to do their jobs, and guess what I don't remember the name of a single of them.

You can be a math genius and not have one shred of aptitude when it comes to imparting knowledge on others. To be a good teacher, you need to be good at/interested in *teaching*, which is a discipline all its own. It's not 100% transferable between say math and English, but the better one is at teaching the better one can pick up an unfamiliar subject and teach it.

You mean... they remember some of there schooling from back in the day and impart it on their students in non-subject matter as part of typical human conversation?

Man... why do people find the education system so difficult to understand, you're responsible for the kids these institutions are turning out today through your ignorance and unreasonable expectations.

My best teachers specialized in one subject and... ready for this... WERE PASSIONATE ABOUT IT , that's the way to go, not cross-training.

But they should have better computer skills then the students they teach. The point of a teacher is to teach and when the students can out pace them in an area it means they can't.

If you remember what it was to be a child at all you'll remember that children have *lots* of time to get good at this sort of thing. A child who's into computers can spend much more time learning the ins and outs than a teacher who has a job and home life, etc. You can't expect a teacher to always know more than *every* child they teach.

Seriously, I'm a teacher and even though I already know the content, it doesn't let me off the hook for figuring out how to convey that content to a new group of students. For every 5 minutes of homework I assign to the students, that's easily an hour of my time that I have to spend designing the assignment and assessing the results. And that's just if I'm doing a check off that they did it. If I have to actually check the quality in any meaningful way it can take a lot more time than that.

As for knowing less than the student, perhaps if the tax payers would shoulder some of the expense of training and certification that would be more reasonable. As it is, teachers work long hours and have to keep up with their certifications on their own. Expecting them to have time to also keep on top of the subject in areas where students might have interested, is rather unreasonable.

Sigh, this sort of ignorance is rather astonishing. The average EE makes more than double what the average teacher makes.

What's more, you're only including class time there, schools don't make the lessons for their teacher nor do they do any of the grading. When you have 150 students, even just 5 minutes per student per day adds up quite quickly. It's not unusual for teachers to be at it late into the evening during the year to keep up with the demands of the job.

And we still have to deal with folks like you that have this astonishingly low opinion of us, because clearly we only work when we're at school with students, it's not like we have to prepare new lesson plans each year and grade papers.

Nobody cares what you (or anybody else) did in elementary school. I'm sure the teachers work hard, but K-12 is more about making sure someone can be a productive member of society rather than teaching anything in particular. K-12 is a test, just like passing the GED is a test. If you pass it, for the rest of your life you can say with some confidence that you are not a complete failure, no matter how much of a failure you might become.

I'm in year 10 of being a teacher, I have a math degree, a music education degree, a masters in instructional technology with certifications in math, music, physics and technology in multiple states. I've had fellowships at Intel, and WestEd. I make 58k per year on 186 work days officially. I have no clue where you got 90k as teacher's salary because my district, and most in the area do not even top out at 90k.

I think you're delusional in other ways as well. It's not uncommon for people to both cling to a single example of knowing better than a teacher to talk about how much smarter they are, ignoring another 12 years of times they didn't know better as well as blaming their own misconceptions on teachers giving incorect information. After I left my PhD math program (admittetly, I wasn't good enough, so if you want to crush me for not being very smart, you can do it there) I went to teach high school and promptly completely botched order of operations in Algebra class since it had been something like 10 years since I had to even think about working with numbers. I'm sure some of those kids are out there today saying "Remember that STUPID teacher we had who couldn't even do order of operations?", while others certainly remember better our use of trebuchets and catapults to measure and learn about projectile motion as an application of quadratics. The point being, you sometimes remember things how you want to remember them, and I'd venture it's more about how much you liked the teacher personally than how good or bad the quality of instruction was.

As a maths person, you should be able to deduce fairly easily that you make 'wage equivalency' to someone making $80k or so a year. So OP was a little off but your flat rejection is a bit more off than his misstatement...

Well you might be the exception to the rule then, my teachers were dumb as dog shit.

That is made quite apparent by your mastery of of the English language.

If I have to work 12+ hours a day when I factor in office time and certifications then I can 100% expect teachers to put the same effort in.

Can you expect that if they are making half or one third of the salary you make, with equivalent levels of education?

I'm not joking when I say that my grade school teachers maybe put in a 8 - 3:30 day, class started at 9 so most of them put in a 8:45 ; 3:15 day including a hour lunch and two 15 minute recess brakes so take another hour and 1/2 off.

Either your teachers were uniformly horrible or your estimation of their work was significantly skewed. In my county, teachers are required to complete a master's degree while they are teaching, in addition to continuing education credits throughout their career. Those things are mandated and if they don't meet the requi

My first Algebra teacher was uninterested, and my work showed it. My second one was very interested, and my work showed that.

Not one single English teacher I had in high school was the least bit interesting, so I muddled through. But my Geometry teacher was fabulous, my American History teacher even more so, and my Drafting teacher par excellence. My Earth Science teacher similarly. My French teacher was also. these subjects I did well in.

Spoken like somebody who has never taught. Summer is the time we have to keep up with our certifications and many of us have to have a second job during the summer because the pay sucks, compared with other jobs that require a similar level of education.

What's more, you never know how your classes are going to react to content until you actually meet with them a few times which could lead to you having to make adjustments to the materials.

Ah, now I *know* you're talking out of your arse. Your impressions of what teachers do is like a child's understanding of the job.

Teachers are doing a performance all day long. Those performances need preparing, for each and every class. The resultant work of the class needs marking (times 30 pupils). These things don't just happen magically, it's a fairly work-intensive profession.

(Teachers also often seem to have a god-complex and a need to be appreciated by the whole world. I don't get appreciated by the

I can't agree with that. School is like jail in some ways, kids get bored and figure out how the "routines" work and take advantage of them when its fun or beneficial. In reality I'd wager a bunch of regulars here got started in their careers breaking stuff like this even if by accident. For that reason I think the initial reaction from administration is on par with what it should be. I think this is a great opportunity to demonstrate that tinkering/learning is great but should not be done to the detrime

If a teacher isn't evolving faster then the student then I have no reason to keep them, I can buy some hundred dollar textbooks and do the same job. So again I have no soft heart for a teacher, they need to learn and learn all the time.

In the US and in the state I reside you are certified to teach for a range of grade levels. The higher up the grades you are certified in the more you are expected to be an expert in one discipline. So for grade schools you have a broad certification in Math, English, Social Science because you will teach all these disciplines to your group or students or maybe share with another teacher in the same grade if a more advanced Math class is needed or something. Once you get to the secondary schooling / hig

The easy answer to this is because private schools can admit/reject anyone they want for any reason. If your kid is obnoxious and disruptive to the class room, they are out. If they are too stupid and would drag the rest of the class down, they are either put in intensive tutoring or they are out. In public school, you have to take everyone no matter what; school becomes less about teaching and more about keeping the kids under control. When your choice is between trying to convey a subtle bit of math o

Middle school in the US is where you start to see teachers specialize (In elementary school you tend to have a single teacher for the majority of the day and only switch for things like music/gym/etc)

Middle school was when I first took apart my parent's computer, ran up the phone bill connecting to BBSs (as a kid not realizing that same area code didn't mean local), and started learning the ropes about computers by struggling to get the sound working at the same time as other components. (config.sys autoexec.bat, etc)

To expect a teacher, who may have no real interest in computers, to keep pace with the insatiable curiosity of a student 'looking under the hood' is simply not reasonable.

Would you expect the English teacher to be able to outpace a student who picks up an interest in Geology?

When I was 12, I also got really into airplanes, and studied hard to get my pilot's license asap. Would you expect any non-pilot teachers to have more knowledge about FAA regulations than a budding hobbyist?

When I was 12, I also got really into airplanes, and studied hard to get my pilot's license asap. Would you expect any non-pilot teachers to have more knowledge about FAA regulations than a budding hobbyist?

No but I would expect teachers to have basic operational skills for equipment used for teaching. In the past a 16mm projector was a pretty standard piece of classroom equipment (yes I am old) - teachers were expected to understand how to plug the thing in, load the film, and overall use the tool to project a movie. Now computers are part of a basic classroom - teachers need to have basic operational knowledge of them. They need to understand how to use the educational or presentation software being used. I

I argue that basic operational knowledge also includes a security component - not complex security, but basic things like "use a password" and "lock the screen".

I would agree that such things would fall into the 'basic operational knowledge' of the equipment, but that amount of knowledge is still far below what would be necessary to secure/monitor a system against even 'entry-level' hacking knowledge. So I think the point still stands, 'Teachers can not be expected to be more knowledgeable than all middle

This is true. A better example than "Sure, and the teachers should be able to fix the heater when it breaks." would be that you expect the teacher to know how to turn the heater up when it gets too cold in the classroom.

Unfortunately, people seem to think that "I don't know computers." is a valid excuse. I could completely understand this back in the 80's, but it just isn't a valid excuse anymore. I don't know how good are bad the phishing was that these teacher fell for, so I don't know if it is legi

When I was in high school (late 90s) the "Computer Teacher" was really nothing more than a word processing teacher. All of the classes focused on teaching typing and some very basic computer usage. i.e what is RAM, HD, keyboard, mouse. I phished his password on the regular and he never knew I had it. I did it by having him unlock the computer so I could fix something. I would then install a key logger and re-lock the security software. Once that was done I would tell him that I forgot to make one more chang

No, the surprise is that you think it doesn't happen all the time. I worked at a school for a while, and I saw at least a dozen attempts at the fake login hack, and I only saw those that screwed up somehow. I found several by typing CTRL-C before entering my login/password. But if they were smart enough to set up a handler for SIGINT, they would have got me. I found a few more by running "find/users -name '*.c' -print | xargs grep 'Login:'", but that only caught those dumb enough to leave the source co

I remember doing this back in 1993. While I didn't use email phishing I chummed up to the network admin and came up for excuses for him to enter his password as I watched him type it in. Created my own administrator account to give myself access to all programs that were restricted to students. Mostly so I'd have free access to the few games they had on the network:) They never knew.

I was on good terms with my high school's computer person back in the seventies, when the entire school district shared a timesharing computer. He told me the password to the teachers' account (yes, just one) for our school. It was "SECRET".

One time I was sent to the Principal's office and while waiting outside, his secretary left the room. I pull out one of her drawers and sure enough the password to the school's grading computer "PENCIL" was right there. I used it to change some of my grades...

HEY!!! Why did YOUR school have computers in the seventies, and all MY school had was electric typewriters?

I am curious though - where did you go to school? My school system was considered pretty wealthy, but we had zero computer access. I mean, zero. The most computer-like device on school grounds were Texas Instruments scientific calculators!

I remember doing this back in 1993. While I didn't use email phishing I chummed up to the network admin and came up for excuses for him to enter his password as I watched him type it in. Created my own administrator account to give myself access to all programs that were restricted to students. Mostly so I'd have free access to the few games they had on the network:) They never knew.

I still remember the password too: "ersm" - ever so secure.

Ah, good times. Back in my day we did it by bootdisking one machine, swiping the password file and then running l0pthcrack against it; and lo and behold the local admin password on every machine was the same, and it matched the domain admin password too. We used it for everything from installing games to snooping on other user's work files. The password was only 6 chars, easy work for even a slow computer from 15 years ago. Its funny how those memories stand out, eh?

The last high school I supported, they had the brilliant (BRILLIANT!) idea of teaching programming using Turbo Pascal. And they included the network libraries in it.

Using Novell, the school suffered an escalating fight with the kids. First they faked a login screen. then they hacked the GINA and got it installed on all the machines in the lab. Then they ran a password sniffer at boot.

Then I convinced the administration to let me use the same techniques. Installed some boot time code to catch these nasties, searched and found the source code, and identified the miscreants. We applauded their efforts, hired one on as a part-time assistant, and warned the others that future incidents would result in escalating punishments. One did get back into school, but the others were banned from the lab for their junior year.

Next semester we deployed ZenWorks, images, and a lot of policies. No matter how they tried, if a station was logged in with a staff ID, the screen bakcground was red. Easy to spot.

Novell huh? If they had used USERLST and CHKNULL and they never would have gotten caught. Just find all the accounts that never had a password set and sign in to "set your password for the first time." I had a whole list of throw away accounts to use during my angsty teenage years. I got these instructions from the help menu. LOL, I thought I was so 1337 back then.... such a script kiddie, haha.

Those were never problems introduced by us. Teaching programming with network libraries was asking for trouble. Not that Windows Server 2000 was safe from them either, but the three that re-wrote the GINA received my full measure of wrathful judgement. I nearly told the administration it was them or me. Didn't come to that, one of their parent was savvy enough to understand.

It's amazing they weren't arrested and tagged for the rest of their lives with felony records. That seems to be the present day, "American Way", destroy as many lives as possible and make sure they never succeed at life.

I guess government sponsored and press-fueled hysteria hasn't reached this part of the world yet. If this had happened in the lower 48 they'd be discussing potential links to terrorist groups on Fox News.

Don't kid yourself, it wouldn't just be Fox news....it would be all of them.

Yep, this makes perfect sense. Reminds me of one time I was bored after school in 7th grade while waiting for my mom to pick me up, and there were these plants growing next to one of the walls of the school... I decided it would be fun to see if I could write on the wall with the flowers of the plants. Why? Cause I was bored, and like probably most people here, my intelligence was way higher than my wisdom. Turns out, yes, they wrote extremely well. Too well: they wouldn't wash off. They could tell I was ju